<?php require_once 'conn.php'; checkLogin(); // 获取订单ID $id = isset($_GET['id']) ? intval($_GET['id']) : 0; $keys = urlencode($_GET['keys'] ?? ''); $page = $_GET['page'] ?? 1; // 验证参数 if ($id <= 0) { echo "<script>alert('无效的订单ID');location.href='order.php?keys=$keys&Page=$page';</script>"; exit; } // 验证订单所有权(只能删除自己的订单) $employee_id = $_SESSION['employee_id']; $isAdmin = checkIfAdmin(); $checkSql = "SELECT id FROM orders WHERE id = $id"; if (!$isAdmin) { $checkSql .= " AND employee_id = $employee_id"; } $checkResult = mysqli_query($conn, $checkSql); if (mysqli_num_rows($checkResult) === 0) { echo "<script>alert('订单不存在或您没有权限删除该订单');location.href='order.php?keys=$keys&Page=$page';</script>"; exit; } // 开始事务处理 mysqli_autocommit($conn, FALSE); $error = false; try { // 先删除订单项目 $deleteItemsSql = "DELETE FROM order_items WHERE order_id = $id"; if (!mysqli_query($conn, $deleteItemsSql)) { throw new Exception("删除订单项目失败: " . mysqli_error($conn)); } // 删除订单主表 $deleteOrderSql = "DELETE FROM orders WHERE id = $id"; if (!$isAdmin) { $deleteOrderSql .= " AND employee_id = $employee_id"; } if (!mysqli_query($conn, $deleteOrderSql)) { throw new Exception("删除订单失败: " . mysqli_error($conn)); } // 提交事务 mysqli_commit($conn); echo "<script>alert('订单删除成功');location.href='order.php?keys=$keys&Page=$page';</script>"; } catch (Exception $e) { // 回滚事务 mysqli_rollback($conn); echo "<script>alert('删除订单时发生错误: " . $e->getMessage() . "');location.href='order.php?keys=$keys&Page=$page';</script>"; } // 恢复自动提交 mysqli_autocommit($conn, TRUE); exit; ?>